# -*- Mode: Python -*-
# vim: filetype=python
#

##
# @rtc-reset-reinjection:
#
# This command will reset the RTC interrupt reinjection backlog. Can
# be used if another mechanism to synchronize guest time is in effect,
# for example QEMU guest agent's guest-set-time command.
#
# Since: 2.1
#
# Example:
#
#     -> { "execute": "rtc-reset-reinjection" }
#     <- { "return": {} }
##
{ 'command': 'rtc-reset-reinjection',
  'if': 'TARGET_I386' }

##
# @SevState:
#
# An enumeration of SEV state information used during @query-sev.
#
# @uninit: The guest is uninitialized.
#
# @launch-update: The guest is currently being launched; plaintext
#     data and register state is being imported.
#
# @launch-secret: The guest is currently being launched; ciphertext
#     data is being imported.
#
# @running: The guest is fully launched or migrated in.
#
# @send-update: The guest is currently being migrated out to another
#     machine.
#
# @receive-update: The guest is currently being migrated from another
#     machine.
#
# Since: 2.12
##
{ 'enum': 'SevState',
  'data': ['uninit', 'launch-update', 'launch-secret', 'running',
           'send-update', 'receive-update' ],
  'if': 'TARGET_I386' }

##
# @SevGuestType:
#
# An enumeration indicating the type of SEV guest being run.
#
# @sev: The guest is a legacy SEV or SEV-ES guest.
#
# @sev-snp: The guest is an SEV-SNP guest.
#
# Since: 6.2
##
{ 'enum': 'SevGuestType',
  'data': [ 'sev', 'sev-snp' ],
  'if': 'TARGET_I386' }

##
# @SevGuestInfo:
#
# Information specific to legacy SEV/SEV-ES guests.
#
# @policy: SEV policy value
#
# @handle: SEV firmware handle
#
# Since: 2.12
##
{ 'struct': 'SevGuestInfo',
  'data': { 'policy': 'uint32',
            'handle': 'uint32' },
  'if': 'TARGET_I386' }

##
# @SevSnpGuestInfo:
#
# Information specific to SEV-SNP guests.
#
# @snp-policy: SEV-SNP policy value
#
# Since: 9.1
##
{ 'struct': 'SevSnpGuestInfo',
  'data': { 'snp-policy': 'uint64' },
  'if': 'TARGET_I386' }

##
# @SevInfo:
#
# Information about Secure Encrypted Virtualization (SEV) support.
# The members returned in addition to the ones listed here depend on
# @sev-type: @SevGuestInfo for 'sev', @SevSnpGuestInfo for 'sev-snp'.
#
# @enabled: true if SEV is active
#
# @api-major: SEV API major version
#
# @api-minor: SEV API minor version
#
# @build-id: SEV FW build id
#
# @state: SEV guest state
#
# @sev-type: Type of SEV guest being run
#
# Since: 2.12
##
{ 'union': 'SevInfo',
  'base': { 'enabled': 'bool',
            'api-major': 'uint8',
            'api-minor' : 'uint8',
            'build-id' : 'uint8',
            'state' : 'SevState',
            'sev-type' : 'SevGuestType' },
  'discriminator': 'sev-type',
  'data': {
      'sev': 'SevGuestInfo',
      'sev-snp': 'SevSnpGuestInfo' },
  'if': 'TARGET_I386' }


##
# @query-sev:
#
# Returns information about SEV
#
# Returns: @SevInfo
#
# Since: 2.12
#
# Example:
#
#     -> { "execute": "query-sev" }
#     <- { "return": { "enabled": true, "api-major" : 0, "api-minor" : 0,
#                      "build-id" : 0, "policy" : 0, "state" : "running",
#                      "handle" : 1, "sev-type" : "sev" } }
##
{ 'command': 'query-sev', 'returns': 'SevInfo',
  'if': 'TARGET_I386' }

##
# @SevLaunchMeasureInfo:
#
# SEV Guest Launch measurement information
#
# @data: the measurement value encoded in base64
#
# Since: 2.12
##
{ 'struct': 'SevLaunchMeasureInfo', 'data': {'data': 'str'},
  'if': 'TARGET_I386' }

##
# @query-sev-launch-measure:
#
# Query the SEV guest launch information.
#
# Returns: The @SevLaunchMeasureInfo for the guest
#
# Since: 2.12
#
# Example:
#
#     -> { "execute": "query-sev-launch-measure" }
#     <- { "return": { "data": "4l8LXeNlSPUDlXPJG5966/8%YZ" } }
##
{ 'command': 'query-sev-launch-measure', 'returns': 'SevLaunchMeasureInfo',
  'if': 'TARGET_I386' }

##
# @SevCapability:
#
# The struct describes capability for a Secure Encrypted
# Virtualization feature.
#
# @pdh: Platform Diffie-Hellman key (base64 encoded)
#
# @cert-chain: PDH certificate chain (base64 encoded)
#
# @cpu0-id: Unique ID of CPU0 (base64 encoded) (since 7.1)
#
# @cbitpos: C-bit location in page table entry
#
# @reduced-phys-bits: Number of physical address bits reduced when
#     SEV is enabled
#
# Since: 2.12
##
{ 'struct': 'SevCapability',
  'data': { 'pdh': 'str',
            'cert-chain': 'str',
            'cpu0-id': 'str',
            'cbitpos': 'int',
            'reduced-phys-bits': 'int'},
  'if': 'TARGET_I386' }

##
# @query-sev-capabilities:
#
# This command is used to get the SEV capabilities, and is supported
# on AMD X86 platforms only.
#
# Returns: SevCapability objects.
#
# Since: 2.12
#
# Example:
#
#     -> { "execute": "query-sev-capabilities" }
#     <- { "return": { "pdh": "8CCDD8DDD", "cert-chain": "888CCCDDDEE",
#                      "cpu0-id": "2lvmGwo+...61iEinw==",
#                      "cbitpos": 47, "reduced-phys-bits": 1}}
##
{ 'command': 'query-sev-capabilities', 'returns': 'SevCapability',
  'if': 'TARGET_I386' }

# NOTE(review): 'gpa' is optional in the data below ('*gpa'), but the
# documentation does not say which address is used when it is
# omitted.  The handler is not shown here -- confirm and document.

##
# @sev-inject-launch-secret:
#
# This command injects a secret blob into memory of SEV guest.
#
# @packet-header: the launch secret packet header encoded in base64
#
# @secret: the launch secret data to be injected encoded in base64
#
# @gpa: the guest physical address where secret will be injected.
#
# Since: 6.0
##
{ 'command': 'sev-inject-launch-secret',
  'data': { 'packet-header': 'str', 'secret': 'str', '*gpa': 'uint64' },
  'if': 'TARGET_I386' }

##
# @SevAttestationReport:
#
# The struct describes attestation report for a Secure Encrypted
# Virtualization feature.
#
# @data: guest attestation report (base64 encoded)
#
# Since: 6.1
##
{ 'struct': 'SevAttestationReport',
  'data': { 'data': 'str'},
  'if': 'TARGET_I386' }

##
# @query-sev-attestation-report:
#
# This command is used to get the SEV attestation report, and is
# supported on AMD X86 platforms only.
#
# @mnonce: a random 16-byte value encoded in base64 (it will be
#     included in the report).  Use a fresh value for each request so
#     that the returned report can be matched to that request.
#
# Returns: SevAttestationReport objects.
#
# Since: 6.1
#
# Example:
#
#     -> { "execute" : "query-sev-attestation-report",
#          "arguments": { "mnonce": "aaaaaaa" } }
#     <- { "return" : { "data": "aaaaaaaabbbddddd"} }
##
{ 'command': 'query-sev-attestation-report',
  'data': { 'mnonce': 'str' },
  'returns': 'SevAttestationReport',
  'if': 'TARGET_I386' }

# NOTE(review): 'filename' is an unconstrained string in this schema
# and the handler is not shown here.  Presumably the file is written
# by the QEMU process on the host, so callers should pass a path in a
# directory they control rather than a shared one -- confirm.

##
# @dump-skeys:
#
# Dump guest's storage keys
#
# @filename: the path to the file to dump to
#
# Since: 2.5
#
# Example:
#
#     -> { "execute": "dump-skeys",
#          "arguments": { "filename": "/tmp/skeys" } }
#     <- { "return": {} }
##
{ 'command': 'dump-skeys',
  'data': { 'filename': 'str' },
  'if': 'TARGET_S390X' }

##
# @GICCapability:
#
# The struct describes capability for a specific GIC (Generic
# Interrupt Controller) version.  These bits are not only decided by
# QEMU/KVM software version, but also decided by the hardware that the
# program is running upon.
#
# @version: version of GIC to be described.  Currently, only 2 and 3
#     are supported.
#
# @emulated: whether current QEMU/hardware supports emulated GIC
#     device in user space.
#
# @kernel: whether current QEMU/hardware supports hardware accelerated
#     GIC device in kernel.
#
# Since: 2.6
##
{ 'struct': 'GICCapability',
  'data': { 'version': 'int',
            'emulated': 'bool',
            'kernel': 'bool' },
  'if': 'TARGET_ARM' }

##
# @query-gic-capabilities:
#
# This command is ARM-only.  It will return a list of GICCapability
# objects that describe its capability bits.
#
# Returns: a list of GICCapability objects.
#
# Since: 2.6
#
# Example:
#
#     -> { "execute": "query-gic-capabilities" }
#     <- { "return": [{ "version": 2, "emulated": true, "kernel": false },
#                     { "version": 3, "emulated": false, "kernel": true } ] }
##
{ 'command': 'query-gic-capabilities', 'returns': ['GICCapability'],
  'if': 'TARGET_ARM' }

##
# @SGXEPCSection:
#
# Information about an Intel SGX EPC section
#
# @node: the numa node
#
# @size: the size of EPC section
#
# Since: 7.0
##
{ 'struct': 'SGXEPCSection',
  'data': { 'node': 'int',
            'size': 'uint64'}}

##
# @SGXInfo:
#
# Information about Intel Software Guard Extensions (SGX) support
#
# @sgx: true if SGX is supported
#
# @sgx1: true if SGX1 is supported
#
# @sgx2: true if SGX2 is supported
#
# @flc: true if FLC is supported
#
# @sections: The EPC sections info for guest (Since: 7.0)
#
# Since: 6.2
##
{ 'struct': 'SGXInfo',
  'data': { 'sgx': 'bool',
            'sgx1': 'bool',
            'sgx2': 'bool',
            'flc': 'bool',
            'sections': ['SGXEPCSection']},
  'if': 'TARGET_I386' }

##
# @query-sgx:
#
# Returns information about SGX
#
# Returns: @SGXInfo
#
# Since: 6.2
#
# Example:
#
#     -> { "execute": "query-sgx" }
#     <- { "return": { "sgx": true, "sgx1" : true, "sgx2" : true,
#                      "flc": true,
#                      "sections": [{"node": 0, "size": 67108864},
#                                   {"node": 1, "size": 29360128}]} }
##
{ 'command': 'query-sgx', 'returns': 'SGXInfo', 'if': 'TARGET_I386' }

##
# @query-sgx-capabilities:
#
# Returns information from host SGX capabilities
#
# Returns: @SGXInfo
#
# Since: 6.2
#
# Example:
#
#     -> { "execute": "query-sgx-capabilities" }
#     <- { "return": { "sgx": true, "sgx1" : true, "sgx2" : true,
#                      "flc": true,
#                      "sections" : [{"node": 0, "size": 67108864},
#                                    {"node": 1, "size": 29360128}]} }
##
{ 'command': 'query-sgx-capabilities', 'returns': 'SGXInfo', 'if': 'TARGET_I386' }


##
# @EvtchnPortType:
#
# An enumeration of Xen event channel port types.
#
# @closed: The port is unused.
#
# @unbound: The port is allocated and ready to be bound.
#
# @interdomain: The port is connected as an interdomain interrupt.
#
# @pirq: The port is bound to a physical IRQ (PIRQ).
#
# @virq: The port is bound to a virtual IRQ (VIRQ).
#
# @ipi: The port is an inter-processor interrupt (IPI).
#
# Since: 8.0
##
{ 'enum': 'EvtchnPortType',
  'data': ['closed', 'unbound', 'interdomain', 'pirq', 'virq', 'ipi'],
  'if': 'TARGET_I386' }

##
# @EvtchnInfo:
#
# Information about a Xen event channel port
#
# @port: the port number
#
# @vcpu: target vCPU for this port
#
# @type: the port type
#
# @remote-domain: remote domain for interdomain ports
#
# @target: remote port ID, or virq/pirq number
#
# @pending: port is currently active pending delivery
#
# @masked: port is masked
#
# Since: 8.0
##
{ 'struct': 'EvtchnInfo',
  'data': {'port': 'uint16',
           'vcpu': 'uint32',
           'type': 'EvtchnPortType',
           'remote-domain': 'str',
           'target': 'uint16',
           'pending': 'bool',
           'masked': 'bool'},
  'if': 'TARGET_I386' }


##
# @xen-event-list:
#
# Query the Xen event channels opened by the guest.
#
# Returns: list of open event channel ports.
#
# Since: 8.0
#
# Example:
#
#     -> { "execute": "xen-event-list" }
#     <- { "return": [
#             {
#                 "pending": false,
#                 "port": 1,
#                 "vcpu": 1,
#                 "remote-domain": "qemu",
#                 "masked": false,
#                 "type": "interdomain",
#                 "target": 1
#             },
#             {
#                 "pending": false,
#                 "port": 2,
#                 "vcpu": 0,
#                 "remote-domain": "",
#                 "masked": false,
#                 "type": "virq",
#                 "target": 0
#             }
#          ]
#        }
##
{ 'command': 'xen-event-list',
  'returns': ['EvtchnInfo'],
  'if': 'TARGET_I386' }

# NOTE(review): 'port' is 'uint32' in the command below, while
# EvtchnInfo reports 'port' as 'uint16'.  The handler is not shown
# here -- confirm that it rejects out-of-range port numbers.

##
# @xen-event-inject:
#
# Inject a Xen event channel port (interrupt) to the guest.
#
# @port: The port number
#
# Since: 8.0
#
# Example:
#
#     -> { "execute": "xen-event-inject", "arguments": { "port": 1 } }
#     <- { "return": { } }
##
{ 'command': 'xen-event-inject',
  'data': { 'port': 'uint32' },
  'if': 'TARGET_I386' }